honor userPrivacyLock. check noteShared in getNoteR.
parent
1721fe2544
commit
156dfe4bd2
|
@ -11,16 +11,19 @@ import qualified Text.Blaze.Html5 as H
|
||||||
|
|
||||||
getNotesR :: UserNameP -> Handler Html
|
getNotesR :: UserNameP -> Handler Html
|
||||||
getNotesR unamep@(UserNameP uname) = do
|
getNotesR unamep@(UserNameP uname) = do
|
||||||
muserid <- maybeAuthId
|
mauthuname <- maybeAuthUsername
|
||||||
(limit', page') <- lookupPagingParams
|
(limit', page') <- lookupPagingParams
|
||||||
let queryp = "query" :: Text
|
let queryp = "query"
|
||||||
mquery <- lookupGetParam queryp
|
mquery <- lookupGetParam queryp
|
||||||
let limit = maybe 20 fromIntegral limit'
|
let limit = maybe 20 fromIntegral limit'
|
||||||
page = maybe 1 fromIntegral page'
|
page = maybe 1 fromIntegral page'
|
||||||
mqueryp = fmap (\q -> (queryp, q)) mquery
|
mqueryp = fmap (\q -> (queryp, q)) mquery
|
||||||
|
isowner = maybe False (== uname) mauthuname
|
||||||
(bcount, notes) <- runDB $ do
|
(bcount, notes) <- runDB $ do
|
||||||
Entity userId _ <- getBy404 (UniqueUserName uname)
|
Entity userId user <- getBy404 (UniqueUserName uname)
|
||||||
let sharedp = if muserid == Just userId then SharedAll else SharedPublic
|
let sharedp = if isowner then SharedAll else SharedPublic
|
||||||
|
when (not isowner && userPrivacyLock user)
|
||||||
|
(redirect (AuthR LoginR))
|
||||||
getNoteList userId mquery sharedp limit page
|
getNoteList userId mquery sharedp limit page
|
||||||
req <- getRequest
|
req <- getRequest
|
||||||
mroute <- getCurrentRoute
|
mroute <- getCurrentRoute
|
||||||
|
@ -40,12 +43,17 @@ getNotesR unamep@(UserNameP uname) = do
|
||||||
|
|
||||||
getNoteR :: UserNameP -> NtSlug -> Handler Html
|
getNoteR :: UserNameP -> NtSlug -> Handler Html
|
||||||
getNoteR unamep@(UserNameP uname) slug = do
|
getNoteR unamep@(UserNameP uname) slug = do
|
||||||
|
mauthuname <- maybeAuthUsername
|
||||||
let renderEl = "note" :: Text
|
let renderEl = "note" :: Text
|
||||||
|
isowner = maybe False (== uname) mauthuname
|
||||||
note <-
|
note <-
|
||||||
runDB $
|
runDB $
|
||||||
do Entity userId _ <- getBy404 (UniqueUserName uname)
|
do Entity userId user <- getBy404 (UniqueUserName uname)
|
||||||
mnote <- getNote userId slug
|
mnote <- getNote userId slug
|
||||||
maybe notFound pure mnote
|
note <- maybe notFound pure mnote
|
||||||
|
when (not isowner && (userPrivacyLock user || (not . noteShared . entityVal) note))
|
||||||
|
(redirect (AuthR LoginR))
|
||||||
|
pure note
|
||||||
defaultLayout $ do
|
defaultLayout $ do
|
||||||
$(widgetFile "note")
|
$(widgetFile "note")
|
||||||
toWidgetBody [julius|
|
toWidgetBody [julius|
|
||||||
|
@ -147,16 +155,19 @@ noteToRssEntry usernamep (Entity entryId entry) =
|
||||||
|
|
||||||
getNotesFeedR :: UserNameP -> Handler RepRss
|
getNotesFeedR :: UserNameP -> Handler RepRss
|
||||||
getNotesFeedR unamep@(UserNameP uname) = do
|
getNotesFeedR unamep@(UserNameP uname) = do
|
||||||
|
mauthuname <- maybeAuthUsername
|
||||||
(limit', page') <- lookupPagingParams
|
(limit', page') <- lookupPagingParams
|
||||||
let queryp = "query" :: Text
|
mquery <- lookupGetParam "query"
|
||||||
mquery <- lookupGetParam queryp
|
|
||||||
let limit = maybe 20 fromIntegral limit'
|
let limit = maybe 20 fromIntegral limit'
|
||||||
page = maybe 1 fromIntegral page'
|
page = maybe 1 fromIntegral page'
|
||||||
(bcount, notes) <- runDB $ do
|
isowner = maybe False (== uname) mauthuname
|
||||||
Entity userId _ <- getBy404 (UniqueUserName uname)
|
(_, notes) <- runDB $ do
|
||||||
|
Entity userId user <- getBy404 (UniqueUserName uname)
|
||||||
|
when (not isowner && userPrivacyLock user)
|
||||||
|
(redirect (AuthR LoginR))
|
||||||
getNoteList userId mquery SharedPublic limit page
|
getNoteList userId mquery SharedPublic limit page
|
||||||
let (descr :: Html) = toHtml $ H.text (uname <> " notes")
|
let (descr :: Html) = toHtml $ H.text (uname <> " notes")
|
||||||
let entries = map (noteToRssEntry unamep) notes
|
entries = map (noteToRssEntry unamep) notes
|
||||||
updated <- case maximumMay (map feedEntryUpdated entries) of
|
updated <- case maximumMay (map feedEntryUpdated entries) of
|
||||||
Nothing -> liftIO $ getCurrentTime
|
Nothing -> liftIO $ getCurrentTime
|
||||||
Just m -> return m
|
Just m -> return m
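Review bot: In the getNoteR hunk the new access check runs only after `note <- maybe notFound pure mnote`, so a non-owner gets a 404 for a slug that does not exist and a redirect to the login page for one that exists but is unshared. The two different responses let a visitor tell whether a private note is present at a given slug. A signed-in non-owner is also sent to the login page, which cannot help them. Consider running `when (not isowner && userPrivacyLock user) (redirect (AuthR LoginR))` before the `getNote` call and treating an unshared note as missing for non-owners: `when (not isowner && not (noteShared (entityVal note))) notFound`. getNoteR's body continues past the end of the hunk.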
|
||||||
|
|
|
@ -81,15 +81,16 @@ getUserFeedR unamep@(UserNameP uname) = do
|
||||||
let limit = maybe 120 fromIntegral limit'
|
let limit = maybe 120 fromIntegral limit'
|
||||||
page = maybe 1 fromIntegral page'
|
page = maybe 1 fromIntegral page'
|
||||||
queryp = "query" :: Text
|
queryp = "query" :: Text
|
||||||
|
isowner = maybe False (== uname) mauthuname
|
||||||
mquery <- lookupGetParam queryp
|
mquery <- lookupGetParam queryp
|
||||||
(bcount, bmarks, alltags) <-
|
(_, bmarks) <-
|
||||||
runDB $
|
runDB $
|
||||||
do Entity userId user <- getBy404 (UniqueUserName uname)
|
do Entity userId user <- getBy404 (UniqueUserName uname)
|
||||||
(cnt, bm) <- bookmarksQuery userId SharedPublic FilterAll [] mquery limit page
|
when (not isowner && userPrivacyLock user)
|
||||||
tg <- tagsQuery bm
|
(redirect (AuthR LoginR))
|
||||||
pure (cnt, bm, tg)
|
bookmarksQuery userId SharedPublic FilterAll [] mquery limit page
|
||||||
let (descr :: Html) = toHtml $ H.text ("Bookmarks saved by " <> uname)
|
let (descr :: Html) = toHtml $ H.text ("Bookmarks saved by " <> uname)
|
||||||
let entries = map bookmarkToRssEntry bmarks
|
entries = map bookmarkToRssEntry bmarks
|
||||||
updated <- case maximumMay (map feedEntryUpdated entries) of
|
updated <- case maximumMay (map feedEntryUpdated entries) of
|
||||||
Nothing -> liftIO $ getCurrentTime
|
Nothing -> liftIO $ getCurrentTime
|
||||||
Just m -> return m
|
Just m -> return m
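Review bot: The privacy-lock branch in getUserFeedR answers with `redirect (AuthR LoginR)`, but this handler appears to build an RSS feed (`bookmarkToRssEntry`, `feedEntryUpdated`), so a feed reader that follows the redirect would receive the HTML login page rather than a feed or a clear refusal. A status response such as `when (not isowner && userPrivacyLock user) notFound` (or `permissionDenied` with a short message) is unambiguous to feed clients. The same applies to getNotesFeedR in the notes handler, which is typed `Handler RepRss`. The `mauthuname` binding that `isowner` depends on is introduced before this hunk starts, so it could not be checked here.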
|
||||||
|
|